You definitely should still check this, but even with proper indexing settings Windows is still garbage at search and has been since XP.

And this is coming from one of the only people who ever defends MS on Lemmy.

Yep, that would work fine for the first line of defense. Eventually, you can expand it to copy, replicate, or drive swap the onprem backups offsite somewhere (e.g., cloud, office, or family member) if you want to protect your data from site loss (e.g., house fire).

The only thing missing is a good backup.

If you are storing anything important – especially Immich and Vaultwarden data – you should have a good offsite protection strategy. And even the HASS config should be backed up with versioning because rebuilding from scratch could be painful once you get deep into it.

I’ll let others chime in on possible good backup options because I use Veeam and Azure, which really isn’t in the spirit of this community, and I’d be interested in good open source options myself.

Also, RAID (mirroring) is NOT a backup.

I read a lot of reviews before buying mine saying things like, “so heavy you could kill an intruder,” but still wasn’t prepared for just how heavy it was.

Definitely worth it.

Also the pupper is adorable. 😍

Keychron was a nice choice.

Lol Microsoft is not even close to a walled garden. This is just them removing the password manager feature that nobody used from their authenticator app.

Exactly! It’s not like you need them to learn good habits to become self-sufficient workers when they grow up.

As much as we beg and plead him, our dog is never going out to get a job. Might as well spoil him with treats and belly rubs!

You clearly know more than me, but wouldn’t everything from 4GB to 1TB have the same number of walks? And one more walk gets you up to 256TB?

No that’s not how it works. Handling a larger address space (e.g., 32-bit vs 64-bit) maybe could affect speed between same sized modules on a very old CPU but I’m not sure that’s even the case by any noticeable margin.

The RA in RAM stands for random access; there is no seeking necessary.

Technically at a very low level size probably affects speed, but not to any degree you’d notice. RAM speed is actually positively correlated with size, but that’s more because newer memory modules are both generally both bigger and faster.

It’s not exactly clear what the main goal is here and it sounds like a bad idea on first glance after reading your last paragraph. But it sounds like you might be looking for mandatory profiles.

https://learn.microsoft.com/en-us/windows/client-management/client-tools/mandatory-user-profile

But now that I read it again I think you might be conflating users/profiles with sessions. In which case no, this is neither possible nor a good idea. But it still might be okay with mandatory profiles if the device and app works the same from multiple sessions.

Anyway, you might get better answers if you state the full problem, including details on software and device, not just your proposed solution.

https://xyproblem.info/

Yep this is exactly right. Too many people are unaware that their votes are not anonymous on Lemmy and blocking the public tool only helps the bad guys who already know this. I’ve always thought this was a major weakness in Lemmy but I don’t have a solution myself without some other major drawback.

I think probably votes should be anonymized or batched between servers so that only your instance’s admins can see individual votes and you just have to trust the instances you federate with that they aren’t pulling any shenanigans or otherwise defederate. That’s not an easy problem to solve, but it’s not like it’s not currently possible to manipulate votes with a federated server, it would just be harder to detect. Regardless I think the need for privacy wins here.

The easiest way that doesn’t affect the main network would be to use a travel router. Its WAN IP would be the private IP it gets from the main network (over wireless since that’s your only option). And it would NAT your network onto that IP and then you can do whatever you want on your network.

I’m not sure if that Mikrotik router will do this but it might. You basically need something that can connect to an SSID and use that interface as its WAN interface. The wireless factor here is really limiting your choices. If you had a wired uplink to the main network you could use any router/gateway/firewall you wanted. You could also use an AP in bridge mode to connect to the main network’s SSID and wire it to the WAN port of any router of your choice.

You don’t really need to use VLANs to separate your network from the main network unless you want to share any of the same layer 2 segments (basically wired Ethernet) while keeping it isolated. But it doesn’t really sound like that applies in your scenario. Of course using VLANs within your network would still make sense if that applies (for example, to separate your server traffic from your IoT traffic).

They’re only killing the crappy store/UWP version that nobody used anyway and only caused confusion. The normal OneNote bundled in Office isn’t going anywhere as far as I know.

That said, I’ve moved a lot of my note taking to Obsidian. It’s not a perfect replacement but it’s a fantastic markdown editor and now I use both for different use cases.

I heavily use both and this is objectively untrue.

I don’t deal with hardware much anymore, but I’d take Aruba over Cisco any day. But for everything else, yeah fuck HP.

I will never understand how anyone could come to thinking aspic was a good idea.

https://en.m.wikipedia.org/wiki/Aspic

And what about taking a nice drive down Jean Baptiste Pointe du Sable Lake Shore Drive?

I’m guessing most of the younger crowd here has never seen When Harry Met Sally.

https://youtu.be/iEV_pQIf3Og

Microsoft uses TPM PCRs 7+11 for BitLocker which is more secure than the Linux implementations mentioned in the article.

PCR 7 is the Secure Boot measurement which means it can’t be unlocked unless every signed boot component has not been tampered with up to the point of unlock by the EFI bootloader. PCR 11 is simply flipped from a 0 to a 1 by the bootloader to protect the keys from being extracted in user land from an already booted system.

The article is correct that most Linux implementations blindly following these kinds of “guides” are not secure. Without additional PCRs, specifically 8 and 9 measuring the grub commands (no single-user bypass) and initrd (which is usually on an unencrypted partition), it is trivial to bypass. But the downside of using these additional PCRs is that you need to manually unlock with a LUKS2 password and reseal the keys in TPM whenever the kernel and or initrd updates.

Of course to be really secure, you want to require a PIN in addition to TPM to unlock the disk under any OS. But Microsoft’s TPM-only implementation is fairly secure with only a few advanced vulnerabilities such as LogoFAIL and cold boot attacks.